NRI SecureTechnologies unveils the “Blockchain Security Monitoring Service” (“This Service”) to detect and report security vulnerabilities in information systems and services that use blockchain technology. The first use will be as a monitoring service for smart contracts on Ethereum*1.
This service is implemented by introducing multiple scan tools in the security log monitoring service “NeoSOC”*2 that NRI already offers. “NeoSOC” monitors the behavior of targeted smart contracts and notifies the company using this service when new vulnerabilities are detected. The company receiving such a notification can avoid an attack by stopping the use of the corresponding programs and system processes.
One of the introduced tools is “Mythril”, a smart contract security diagnosis and analysis tool that is offered by ConsenSys Diligence Inc., a blockchain security company. A feature of Mythril is that it can automatically diagnose the behavior of a smart contract and discover hidden vulnerabilities. Meanwhile, NRI Secure has become the first “development partner” of ConsenSys in Japan.
“ConsenSys Diligence is extremely happy to forge a new partnership with NRI Secure, who are widely recognized as leaders in managed security services and also leading edge pioneers in the Ethereum blockchain security space.” says Tom Lindeman, co-founder of ConsenSys Diligence. “We plan to collaborate closely to bring powerful automated smart contract analysis services to customers worldwide and to further our shared goal of making Ethereum safer for everyone.”
A smart contract is a mechanism by which a certain contract is automatically executed by a program when a transaction request is generated that matches previously set conditions. Applications are being explored in various fields, such as for securities settlements, real estate transactions, and sharing economies.
At the same time, with the increase in illegal invasions into virtual currency exchanges and cyber attacks that exploit blockchain vulnerabilities, and the accompanying damage, cases of attacks that target smart contracts*3 have been reported. Therefore it is necessary for the developers of smart contracts, and the companies that introduce them, to always be aware of information about security vulnerabilities and check whether a developed program could be the target of an attack.
In the future, NRI Secure will continue to work with ConsenSys and other finance technology companies within Japan and elsewhere to widen the range of application of this service and to make contributions in the area of security in the development of blockchain technology and for the businesses that use it.
- Ethereum: A blockchain platform that can construct distributed applications (DApps) centered on smart contracts. It distributes the virtual currency called Ether, which boasts of an aggregate market value second only to Bitcoin.
- Security log monitoring service (NeoSOC): This is a service that, through the introduction and operations management of information security products, and real-time log analysis of information system devices, quickly discovers security incidents (problems, cases) in order to take necessary precautions. In the three countries of Japan, the United States, and India it is used to monitor five security operation centers and provide service with a 24-hour 365-day system. For details, see the following web site:
- Cases of attacks that targeted smart contracts: Outstanding cases are the DAO incident of 2016, and the incident targeting the vulnerability in the Parity multi-signature wallet function that occurred in 2017. At those times there were cases of exchange rate damage amounting to billions of yen.